Date: Wed, 30 Aug 2000 20:01:52 +1100
From: Chris Pauly <l@binkyware.com>
To: John <papalia@udel.edu>, freebsd-questions@FreeBSD.ORG
Subject: Re: Firewall solutions?
Message-ID: <4.2.2.20000830194944.00abf650@bsd>
In-Reply-To: <4.3.1.2.20000827102920.00ac5aa0@mail.udel.edu>
References: <4.2.2.20000828003335.00aa2a30@bsd>
At 10:31 27/08/2000 -0400, John wrote:
><snip>
>
>This solution seems like it should work, but you don't really provide any
>details on your configuration and how it was 'messy' or how it ruined the
>routing... You might want to check out www.mostgraveconcern.com and check
>out the article on setting up a Dual-Homed machine (it's under the
>'Advanced Topics' listing on the left frame). Without setting up your FBSD
>to handle NAT (for your 192. box), and a firewall, AND to act as a
>gateway, it would seem that nothing would work right =)
>
>Hope that helps,
>John

Hi John,

I can't really remember how I had it set up before. It was something like:
I'm in the 255.255.240.0 subnet for my ISP and I had 2 subnet-less IPs, so
I just pretended I had 255.255.255.240 (both of my IPs fortunately fell
into this), but I couldn't reach any of the other IPs in that subnet, just
my 2.

I don't think I was clear before on what I wanted so I'll just go into a
little more depth. Here's a diagram of what I've got now: (fixed width font
needed for this)

                     internet
(default gateway = 1.2.32.1, netmask 255.255.240.0)
                         |
                       cable
                       modem
                         |
                     (bridged)
               FreeBSD (1.2.43.156)---+
               (alias 192.168.1.1)    |
                                   switch
                                     | |
           Windows (1.2.43.159)------+ |
                                       |
           Windows (192.168.1.2)-------+

What I want is all the computers firewalled using the FreeBSD box, I want
masquerading for the 192.168.1.2 computer, I want a smtpd/popd/squid etc on
FreeBSD, and I want a Microsoft network (ie: network logons + shared drives).

At the moment it's all working except two things:
* network logons (broadcast packets aren't working)
* proper firewalling (all the data coming out of FreeBSD, whether it's to my
  cable modem or LAN, goes out rl0 (the NIC connected to my cable modem)).

I was thinking maybe I'll just have to move the FreeBSD from the uplink on
the switch to just a normal port and then have a new computer on the uplink
which is just a pure bridged firewall. But then I don't even know if
that'll do the job properly/easily because all the data seems to go out
rl0 on the bridge, no matter what direction it's actually going. Why does
the bridge have to do this? Or am I missing something?

And I want to avoid having to buy another computer. It's been suggested
that 2nd hand p150 or something would be good, but I don't like 2nd hand
equipment. =) The lowest I'd opt for is a brand new k6-2 box.
But then I don't even know if that'll work. Would it?

And should I even be using the uplink on my switch? I'm unsure as to its
exact use, just seems like the right port to be using given its name.

Thanks in advance,
Chris

PS: I couldn't find that article you told me of - just a bunch of quotes.
